By Naomi Dolin-Aubertin
It feels like I've been posting about internet security breaches and their updates/fixes for a while now. This latest week brought the news that virtually all versions of the Internet Explorer browser was vulnerable to hackers. So vulnerable in fact, that the Homeland Security warned people against using Internet Explorer. And when the government gets involved, you know it must be bad, right? To be honest, in searching for content on the Internet Explorer bug, clumsily named "Operation Clandestine Fox," I was rather surprised by the paucity of information. Unlike the widely-marketed and branded Heartbleed bug, "Fox" didn't seem to hit the mainstream media as hard, despite the fact Internet Explorer accounts for half of all browser use.
The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. [1]
The flaw allowed hackers to install malicious software, view data, and otherwise control processes on a user's computer. It seems it was mainly for corporate or industrial espionage, nevertheless, it constituted a serious security breach. Microsoft issued a patch, so now's the time to go to "check for updates" and secure your IE browser. If you are still running Windows XP, you'll be glad to know that Microsoft issued a patch for you as well, though we still recommend upgrading your operating system, as Microsoft has suspended updates and service for XP. In fact, they most likely only issued this patch based on the severity of the issue and the short time period since they retired XP.
Returning to Heartbleed, it turns out only 39% of Americans actually bothered to update their passwords following news of the threat. If you're in need of more Heartbleed info, I recommend checking out the articles I wrote here and here. Most of your social media passwords should be changed, especially anything connecting to credit card info.
So what can we look ahead to as 2014 continues to unfold? Some see a silver lining in bugs like Heartbleed: Internet users who previously may not have given much consideration to their online passwords are now changing them, and even enabling two-factor authentication, since Heartbleed was exposed." People have also started using different passwords on different sites, which is fabulous.
Certainly, we can expect more news of data breaches at large retailers and security flaws on the internet as the year progresses. What we can hope is that this will force us all to take a closer look at the platform upon which we share so much information and work to make it better, safer, and more secure.
Leave a comment!